Cyber Security support to the HumanDrive Project th Dec 2018 13 th - PowerPoint PPT Presentation

Cyber Security support to the HumanDrive Project th Dec 2018 13 th 13 SBD Autom omot otive ve Ltd Busin iness Develo lopm pment nt Manager Luigi i Bisbig iglia

• ‘Grand Drive’ will be an end -to-end journey of around 200 miles including Motorway, A-Road and Country Road driving • Using Machine Learning and AI to provide human-like control • Research into human driving behaviour using physical vehicles and simulator • Transport Systems Catapult and Horiba MIRA responsible for the Safety Work Package • Cyber Security covered by a separate Work Package Autumn

SBD’s Cyber Support Package • Analysis of public hacks • New product and technology tracking • New standards and guidelines • Competitor activity • Knowledge sharing Intelligence • Threat modelling for security • Objective setting requirements and design • Design process improvement reviews • Cyber roadmap • Penetration testing • Incident response planning • Risk assessment (analysis of Evaluation Strategy • Training results, remediation and risk • Supplier evaluation rating)

SAE Definitions

Implementation Trends SAE Levels Key in-car architecture characteristics • Piece meal implementation Level 0 • Very few ADAS available,developed as a stand alone solution “Legacy architecture” • No sensor fusion ( sensor hardwired to ECU, not networked ) and no actuators involved • Mainly CAN technology • Piece meal implementation Level 1 • A few stand-alone ADAS “Carry - over architecture” • When there is actuation (e.g. braking), the ADAS ECU is usually on the same network as the actuator • Mainly CAN technology • Dedicated ADAS network Level 2 • Primitive / localised sensor fusion taking place (front sensing with rear facing). Some sensors are networked “Primitive ADAS architecture” • FlexRay technology introduced • Ethernet used for 360 all round view • Some features communicate with key fob / smartphone • Dedicated ADAS domain to support sensor fusion on a much larger scale Level 3 • Sensor fusion partitioned in domains “Semi autonomous • GPS / map data becomes a sensor that needs regular update • Communication with key fob / smartphone architecture” • FlexRay and Ethernet standard • Dedicated ADASdomain to support full sensor fusion (Forward, Rear, All Around) Level 4 • GPS / map data need near “real - time” update & high definition “Full autonomous • Communicate with key fob / smartphone • OTA download and connected services (including Artificial intelligence) architecture” • FlexRay and Ethernet standard • Same as for level 4 but with more sensors to accommodate all types of road, weather and lighting environment. Level 5 “Driverless architecture”

Layer 3 and above layers architecture

Representative Electrical Architecture

STRIDE STRIDE ( S poofing, T ampering, R epudiation, I nformation D isclosure, Denial of Service and E levation of Privilege) is a threat modelling approach developed by Microsoft and it is currently considered the most applicable method for the automotive industry because it: • Is a threat centric approach • Provides a structured approach of categorising threats Attempt to gain access to Spoofing • Enables direct mapping with system’s elements and security attributes S a system by using a false User Identity identity Tampering Unauthorised modification T with Data of data Ability of users to deny R that they performed Repudiation Unwanted exposure of data specific actions User with limited privileges Information I Disclosure gains access to restricted application Process of making a Denial of D system unavailable to Service legitimate users User with limited Elevation of E privileges gains access to Privilege restricted application

Threat Modelling

Reference: Who are the Hackers ? • Depending on hackers/hacker groups, targets can be different. Therefore attacking techniques and equipment are also different . Hactivists Make Political Statements Cyber Criminal Financial gain, Cyber Warfare Disgruntled ex- Revenge employees State Hackers Espionage Script Kiddies Fun and Fame, Avoid paying Spy Hackers Corporate Espionage

Defining the Actors Environment

Representative Abuse Stories Case # Actor I Want So That • User stories is a method for 1 Bitcoin Miner Use ability of ECUs Get more bitcoin capturing high-level system 2 Academic Researcher/Cyber Criminal Spoof the system Get private information from vehicle functional requirements. The Patch the vehicle but ignore some of Have this customer back and get more user stories are generated by the 3 Service Provider them money system stakeholders. 4 Vehicle Owner Block the entrance parking Annoy my neighbours 5 Vehicle Owner Cheat after cars into giving ways He can drive faster • User stories captured for 6 Professional Hacker Hack into the car Ransom it to their owners malicious Actors can help in 7 Competitor Cause delays(jam) in some roads Gain advantage/value identifying potential system 8 Criminal Follow another vehicle Do criminal activities misuse or exploitation , at a high 9 Criminal Other CAV crash into my own Get money level. 10 Criminal Use Autonomous Car Transport illicit goods 11 Terrorist Use Autonomous Car Damage traffic • User stories written for intended 12 Professional Hacker Spoof signs Change vehicle behaviour Actors can help in identifying the 13 OCA (Organise Crime Agent) Data mining - sell products on web Can get profit functions that need protecting 14 OEM Gather data to sell Get money and the required interactions 15 Competitor Develop new exciting products Seize the market between the intended Actors. 16 Pranker Direct traffic Make giggles 17 OEM Highlight deficiencies in system Gan greater market sharing 18 Attacker/Terrorist Remotely control cars Commit a terrorist attack 19 Professional Hacker Control the vehicle Do the DDoS attack to others

Defence In Depth

Defence in Depth

HumanDrive Consortium Richard.Hillman@ts.catapult.org.uk http://humandrive.co.uk